Re: Huge Problem with cryptoloop and AES: Lost Password

Hi all,

many thanks for the first feedback! I think it was very helpful, especially the filesystem info.

I've some experience in programming and I think I will try to brute force my way in as I know the filesystem.

I will keep you informed about my progress and I may ask some more questions, but your help is already appreciated very much. I know _for sure_ only 2 chars out of 20, but I have some more info on the pattern. For example I used only letters and numbers and I am very sure that I did not repeat any character more than twice for example. And some chars I didn't use at all... I think that information can be programmed into a brute force tool which tries to find the described layout of the ext2 filesystem. It may take some time to complete but I am confident.

Do you have any ideas on how to actually calculate the key? For example, should I create them on the fly as the program is running or should I precalculate them in a dictionary (file size may be big as I don't know how big the keyspace is ATM...)?

Then there is the problem of pausing and resuming the brute force search. For example if a machine crashes, recovery data which stores already processed keys should be mandatory. I do not have an approach yet.

greetings,
l.r.

Christian Kujau wrote:
> On Fri, 17 Nov 2006, Lars Reimann wrote:
>> I've a huge problem: I have mission critical data on a 400 GB raid 1. (2x400).
>
> something you don't wanna hear right now, but still: "mission critical data" always has a backup (and no, RAID is not a backup).
>
>> lost, including passwords. However, I may remember certain details of the password, for example which characters I did not use, and how the password ends.
>
> How many characters do you know *for sure*? Even if there're still 10 unknown characters left and you're sure that you only used alphanumeric characters, perhaps a few special characters, the already suggested brute-force attack might be worth (and interesting!) to try.
>
>> may have to write it on my own if nothing is available. I heard it may be possible to extract some sectors of ext2/3 partitions which are always
>
> filesystems often (always?) have "magic numbers" on the beginning:
>
> $ file -s /dev/sda2
> /dev/sda2: Linux rev 1.0 ext2 filesystem data
>
> If you're sure it's an ext2 filesystem, then just look/compare other ext2 filesystems. This magic number is documented in include/linux/magic.h (here: 0xef53)
>
> # head -1 /dev/sda2 | od -x | grep ef53
> 0002060 443e 455e 0003 0021 ef53 0001 0002 0000
>
> good luck,
> Christian.

-
Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/
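
An added sketch (not code from anyone in this thread) of the on-the-fly approach asked about above: candidates are generated in a fixed order under the stated pattern rules, so a checkpoint only needs the last tested candidate and no dictionary file is stored. The `?` template syntax, the function names and the checkpoint format are assumptions; deriving the cryptoloop key and decrypting the first sectors for each candidate is left to the caller.

```python
import json, os
from collections import Counter
from math import comb, factorial

EXT2_MAGIC_OFFSET = 1024 + 56  # superblock starts at byte 1024; s_magic is 56 bytes in

def has_ext2_magic(plain: bytes) -> bool:
    """True if a decrypted buffer holds 0xEF53 (little-endian) where ext2 keeps it."""
    return plain[EXT2_MAGIC_OFFSET:EXT2_MAGIC_OFFSET + 2] == b"\x53\xef"

def keyspace(alphabet_size: int, unknown: int) -> int:
    """Strings of `unknown` free chars with no char used more than twice (upper bound)."""
    top = min(unknown // 2, alphabet_size)   # j = number of chars that appear twice
    return sum(comb(alphabet_size, j) * comb(alphabet_size - j, unknown - 2 * j)
               * factorial(unknown) // 2 ** j for j in range(top + 1))

def candidates(template, alphabet, max_repeat=2, resume=None):
    """Yield matches for `template` ('?' = unknown) in sorted order, pruning prefixes
    that overuse a character. `resume` = last tested candidate; output starts after it."""
    alphabet = "".join(sorted(set(alphabet)))
    counts = Counter()
    def walk(pos, prefix, on_path):
        if pos == len(template):
            if not on_path:            # on_path at a leaf means prefix == resume
                yield prefix
            return
        for ch in (alphabet if template[pos] == "?" else template[pos]):
            if (on_path and ch < resume[pos]) or counts[ch] >= max_repeat:
                continue
            counts[ch] += 1
            yield from walk(pos + 1, prefix + ch, on_path and ch == resume[pos])
            counts[ch] -= 1
    yield from walk(0, "", resume is not None)

def save_checkpoint(path, candidate):
    """Write the checkpoint atomically so a crash never leaves a half-written file."""
    tmp = path + ".tmp"
    with open(tmp, "w") as f:
        json.dump({"last_tested": candidate}, f)
        f.flush()
        os.fsync(f.fileno())
    os.replace(tmp, path)

def load_checkpoint(path):
    """Return the last tested candidate, or None when starting fresh."""
    if not os.path.exists(path):
        return None
    with open(path) as f:
        return json.load(f)["last_tested"]
```
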
